|Max CVSS||5.0||Min CVSS||5.0||Total Count||3|
|ID||CVSS||Summary||Last (major) update||Published|
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
|16-06-2017 - 15:29||16-06-2017 - 15:29|
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is
|25-04-2017 - 09:23||14-04-2017 - 00:59|
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism
|24-03-2017 - 21:59||27-09-2016 - 11:59|